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Abstract. A sound and complete embedding of conditional logics into 
classical higher-order logic is presented. This embedding enables the ap- 
plication of off-the-shelf higher-order automated theorem provers and 
model finders for reasoning within and about conditional logics. 



1 Introduction 

Conditional logics capture default entailment in a modal framework via a defea- 
sible implication operator " " such that a =^ (3 reads as, "If a then, typically 
/3" . A peculiarity of conditional logics is that a is a formula and can contain 
other occurrences of . 

Thanks to their expressivity, conditional logics have been successfully applied 
in several domains like non-monotonic reasoning [9], belief revision |12J and 
security [13]. 

Despite their wide range of potential applications, the formalization of a 
proper proof theory for conditional logics has been tackled only recently and 
only for a limited set of axiomatizations |18I19| . Moreover, there is no uniform 
framework to specify and reason about such formalisms. 

Following the work of [5| , a semantic embedding of conditional logic in classi- 
cal higher-order logic HOL (Church's type theory) is presented. This embedding 
exploits the natural correspondence between selection function semantics for con- 
ditional logics [20] and HOL. In fact, selection function semantics can be seen as 
an higher-order extension of well-known Kripke semantics for modal logic and 
cannot be naturally embedded into first-order logic. 

The contributions of the paper are threefold. First, we prove that the pre- 
sented embedding is sound and complete w.r.t. selection function semantics. Sec- 
ond, we show how to apply off-the-shelf higher-order theorem provers and model 
finders for reasoning within and about conditional logics. Third, we investigate 
the practical value of such embedding through several experiments with differ- 
ent higher-order reasoning systems (HOL-RSs). As part of these experiments, 
several correspondence results between prominent conditional logic axioms and 
related semantic conditions have been automatically verified. 



2 Conditional Logics 



In order to make the paper self contained, we briefly resume syntax and semantics 
of conditional logics. For a deeper treatment we refer to [18 . 

Definition 1. The formulas of conditional logic are given by 

if ::— p I -lip \ If \/ if \ if =^ if 

where p ranges over a set of Boolean variables and ^ is a binary modal operator. 

From the selected set of primitive connectives, other logical connectives can 
be introduced as abbreviations: e.g., 95 A '0 and 95 — -0 (material implication) 
abbreviate -^{^ip V -^ip) and -^ip V 0, etc. Syntactically, conditional logics can be 
seen as a generalization of multimodal logic where the index of modality ^ is 
a formula of the same language. For instance, in (A ^ B) C the subformula 
A ^ B is the index of the second occurrence of =>. 

Regarding semantics, many different formalizations have been proposed (see 
[15]), here we focus on the selection function semantics jlO) . which is based on 
possible world structures and has been successfully used in [T7] to develop proof 
methods for some conditional logics. 

Definition 2. A model of conditional logics is a tuple M. = {S, /, h) where, 

- S is a non empty set of items called states; 

- f : S X 2^ ^ 2^ is the selection function; 

- h is an assignment which, for each Boolean variable p, assigns the subset of 
states h{p) where p holds. 

Intuitively the selection function / selects, for a world w and a formula the 
set of worlds f{w, A) which are "most-similar to w" or "closer to w" given the 
information cp. 

Definition 3 (Semantic Interpretation). An interpretation for a conditional 
logic is a pair M., s where A4 is a model and s is a state in A4. The satisfaction 
relation \= holds between interpretations and formulae of the logic, and it is 
defined recursively as follows: 

- M,s\=p iff s e h{p) 

- M, s \= ^(f iff not M,s \= ip 

- M, s ^ V -0 iff M,s \= ip or M, s ^ 

- M,s ^ => t/i iff M,t \= tp for all t £ /(s, [ip]) where, [ip] = {w \ M,w \= 

As usual, a conditional formula ip is valid in a model A4 = {S,f,h), denoted 
with A4 ^ 93, iff for all s G S* holds Ai,s ^ p. A formula p is valid, denoted 
\= p, iff it is valid in every model. 

Notice that / is defined to take [ip] (called the proof set of p^ w.r.t. a given 
model Ai) instead of (p. This approach has the consequence of forcing the so- 
called normality property: given a model A4, if (p and ip' are equivalent (i.e., 



they are satisfied in the same set of states), then they index the same formulas 
w.r.t. to the modality. 

The axiomatic counterpart of the normality condition is given by the rule 
(RCEA) 

{RCEA) 



Moreover, it can be easily shown that the above semantics forces also the fol- 
lowing rules to hold: 

((^1 A ... A ipn) ^ V' , , 

(RCK) 



— {EC EC) 

(ip^if)^ {iIj ^ ip') 

We refer to Cif [10] as the minimal conditional logic closed under rules 
RCEA, RCEC and RCK. In what follows, only conditional logics extending CK 
are considered. 



3 Classical Higher-Order Logic 

HOL is a logic based on simply typed A-calculus [1112] . The set T of simple 
types in HOL is usually freely generated from a set of basic types {o, i} (where 
o denotes the type of Booleans) using the function type constructor 

Definition 4. The terms of HOL are defined by (a, f3,o E T) 

S,t Pa I Xa I {XXa-Si3)a^i3 \ (Sq^/3)/3 | i^o-,o So)o | 
{^o Vo^o^o to)o I {-^[a^o)^o ^a^o)o 

Pa denotes typed constants and Xa typed variables (distinct from Pa)- 

Complex typed terms are constructed via abstraction and application. The prim- 
itive logical connectives are -iq^o, Vq^o^o and i7(Q^o)-»o (for each type a). From 
these, other logical connectives can be introduced as abbreviations: e.g., A and 
-> abbreviate the terms \A.XB .^{-^A\J ^B) and XA.XB.^Ay B, etc. HOL terms 
of type o are called formulas. Binder notation MXa-So is used as an abbrevia- 
tion for {n(^a^o)^o {XXa-So))- Substitution of a term Aa for a variable Xa in a 
term Bp is denoted by [A/X]B^ where it is assumed that the bound variables of 
B avoid variable capture. Well known operations and relations on HOL terms 
include /Jjy-normalization and /377-equality, denoted by s =13,1 t. 

The following definition of HOL semantics closely follows the standard liter- 
ature [ng. 



Definition 5. A frame is a collection {Da}a£T of nonempty sets called do- 
mains such that Do = {T, F} where T represents truth and F falsehood, Di ^% 
is chosen arbitrary, and D^^^ are collections of functions mapping Da into D^. 

Definition 6. An interpretation is a tuple ({_Dq}q,£7-, /) where {Da}aeT 
a frame and where function I maps each typed constant to an appropriate 
element of Da, which is called the denotation ofca- The denotations of ^, V and 
iT(o,^o)^o are always chosen as usual. A variable assignment (f) m,a,ps variables Xa 
to elem,ents in Da- An interpretation is a Henkin model (general model) if and 
only if there is a binary valuation function V such that V{(j), Sa) & Da for each 
variable assignment c6 and term Sa, and the following conditions are satisfied for 
all (p, variables Xa, constants pa, and terms la^fi,ra,s^ (fora,/3 &T): 

- V{ct>,Xa) = 0{Xa) 

- V(</.,Pa) = I{pa) 

- V(</>,Ga^/j ra)) = (V(0,/„^^))(V(^,r„)) 

- V{4>, XXa-Sfi) represents the function from Da into Dp whose value for each 
argument z G Da is V{(l)[z/Xa],sp), where (f)[z/Xa] is that variable assign- 
ment such that (f)[z/Xa]{Xa) = z and (j)[z/Xa]Yp = (j)Yfi when ^ Xa- 

If an interpretation V. = {{Da}aeTiI) is an Henkin model the function V 
is uniquely determined and V{(l),Sa) G Da is called the denotation of is 
called a standard model if and only if for all a and j3, Da^p is the set of all 
functions from Da into D^- It is easy to verify that each standard model is also 
a Henkin model. A formula A of HOL is valid in a Henkin model T-L if and only 
if V(^, A) = T for all variable assignments 4>- In this case we write 'H |= ^. ^ is 
(Henkin) valid, denoted as \= A, if and only \i'H\= A for all Henkin models 

Proposition 1. Let V be the valuation function of Henkin model %. The fol- 
lowing properties hold for all assignments <p, terms So,to,laTfa, and variables 
Xa,Va (fora&T): 

- V{(t>,hso))=T iffV{cl>,So)=F 

- V{<t>, [so W to)) = Tiff V(<^, So) =T or V(<^, So) = T 

- V{6. {so A to)) =T iff V(0, .So) = T and V{<j), So) = T 

- V(</>, (so ^ to)) = Tiff V{cf>, So) = F or V(0, So) = T 

- V{<l>,{yXa.So)) = V{<j),in^a-,o)^o (XXa-So))) = T iff for all V G Da holds 

V{cl)[v/Va],{{\Xa-So) V))^T 

- if la =/3r7 then V{(j),la) = V{(j),ra) 

4 Embedding Conditional Logics in HOL 

Conditional logic formulas are identified with certain HOL terms (predicates) of 
type i -» o. They can be applied to terms of type i, which are assumed to denote 
possible states. 



Definition 7. The mapping [-J translates formulas tp of conditional logic CK 
into HOL terms \}p\ of type i ^ o. The primitives of conditional logic are mapped 
as follows: 




The constant symbol f in the mapping of is of type i -> (i -> o) -> (i -s- o) . It 
realizes the selection function, i.e., its interpretation is chosen appropriately (cf. 
below). 

Compound formulas are recursively mapped as follows: 



Analyzing the validity of a translated formula for a state represented by 
term ti corresponds to evaluating the application {\}p\ ti). In line with (6^, we 
can easily encode the notion of validity as follows 



With this definition, validity of a conditional formula if in CK corresponds to 
the validity of the corresponding formula (vld [(/jj) in HOL, and vice versa. 

We illustrate the approach with formula p ^ p where p is a Boolean variable. 
This formula corresponds to the HOL term (vld [p ^ p\) which expands into 
(type information is omitted) {XA.yS.{A S)){{XA.XB.XX.\/W.{f X A W) ^ 
{B W)) p p) and /?77-normahzes to VS'.VM^.(/ S p W) ^ [p W)). It is easy to 
verify that this HOL formula is countersatisfiable, which is the expected result 



To prove the soundness and completeness of the embedding, a mapping from 
selection function models into Henkin models is employed. 

Definition 8. Given a selection function model A4 — (S*, /, The Henkin 
model T-L'^ = {{Da}aeTi I) for M. is defined as follows: Di is chosen as the set 
of states S , and for all combinations of a and (3, Da^p is chosen as the set of 
all functions from Da to Let p^, . . . ,p™ for m > 1 be the Boolean variables 

of the conditional logic and let [p^ \ — pl^^ for i — 1, . . . ,m. We define I as 
follows: 

^ This choice in particular means that Di^o is the set of all possible predicates q over 
S; these predicates can also be viewed a sets {x £ S \ q{x) — T}. Note, that modulo 
this technicality, Di^o is identical to '2^' in Def. [2l 



(LAJ H m 



vld:=XA,^o>^Si.[A S) 



in CK. 



— For 1 < i < m, choose I{pl^g) G Di^o so that {IiPi^o)){w) = T for all 
w S Di with A4, w \^ p' , and {I{p''i^o)){w) = F otherwise. 

— Choose I{J^^{i^o)Mi~*o)) e A^(i^o)^(j^o) so that for all s,t € and q e 
Di^o holds {I{fi^(t-,o}^(2^o))){s,q,t) ^Tifte f{s,{x £ 5 | q{x) = T}) in 
M, and {lUi^(i^o)~.(i~>o))){s,q,t) = F otherwise. 

— For all other constants Sa, choose I{sa) arbitrarily^ 

It is easy to verify that FL^ is a Henkin modellfl It is even a standard model, 
since the function spaces are full. 

Lemma 1. Let FL^ be a Henkin model for a selection function model Ai. For 
all conditional logic formulas if, states s, and variable assignments 4> it holds: 

M,s^^ iff V{<l^[s/S,],{[^\S)) = T 

Proof. The proof is by induction on the structure of ip. 

LP = pK By definition of [-J, V, and holds V((/)[s/S'i], ([p^'J S)) = 

V((/.[s/S,], S)) = (/(pLo))(s) = T iffM,s^p^. 

For if = (^r) the argument is similar to p = {pM r) below. 

p — [p y r). M,s \= [p y t) iff M,s \= p or A^,s |= t. By induction 
V{4>[s/S^l{[p\ S)) =T or V{ct>[s/S,],{[r\ S)) = T. By Prop. definition of [-J 
and since {{\py r\) S) {{\p\ S)y{\r\ S)) itholdsV{(t)[s/Si],{{[pyr\)S)) = 
V{4>[s/S^,{{[p\ S)y{Vr\ S)))=T. 

(p = {p ^ r). M,s \= p ^ r iff, for all t e f{s, [p]) holds M,t ^ r. This 
is equivalent to, for all t holds (i) t f{s,[p\) or (ii) Ai,t |= r. By induc- 
tion applied to (ii) with (j>' = (j)[s/Si\ holds V{4>'[t/T,],{\r\ T)) = T. Further- 
more, again by induction, for all t and <f>" with 4>" = 4>'[t/Ti\ — (j)[s/ Si][t/Ti\ 
we have A4,u |= p iff V{(p"[u/Ui], {lp\ Ui)) ~ T. Hence, by construction of 
n^, (i) IS equivalent to {I{f)){s,[p],t) = {I{f)){s,{u \ M,u \^ p},t) = 
{I{f)){s,{u I V{(j)"[u/Ui],{[p\ Ui)) = T},t) = F. By definition ofV, and since 
s = V(0", Si) and t = V((/)", Ti) it holds V((/)", (/ S, [pj T,)) = F. By combining 
these results and by Prop. Q] we get that for all t V{4>'[t/Ti], ((/ Si \p\ Ti) 
(LrJ T,))) = V{ct>'[t/T,l{XW.{{f S, [pj Wi) ^ ([rj Wi)) Ti)) = T, which by 
Prop.mis equivalent to V(<^', (7T(,^o)_„ {\W,.{{f S, [pj W,) ^ ([rj W^))))) = 
V{^',{\/WUif S, Ip\ W,) ^ ([rj W,))) = T. By Prop. definition of [-J 
and since {\p => rJ 5*) (VWi.((/ Si \p\ Wi) — > ([rJ W^))) we finally have 
V{4>[slSil{[p^r\ S))^T. 



In fact, we may safely assume that there are no other typed constant symbols given, 
except for the symbol /i^(i^o)^(i^o) , the symbols pl^^, and the logical connectives. 
In "H^ we have merely fixed Di and the interpretation of the constant symbols pl^^ 
and fi^(^i_o)->{i^o)- These constraints are obviously not in conflict with any of the 
requirements in Defs. [5] and |6] The existence of a valuation function V for an HOL 
interpretation crucially depends on how sparse the function spaces have been chosen 
in frame {Dajcgr- [I] discusses criteria that are sufficient to ensure the existence 
of a valuation function; they require that certain A-abstractions have denotations in 
frame {Dajasr. The function spaces are full, so this is trivially the case. 



Theorem 1 (Soundness and Completeness). 

1= (vld \jp\) in HOL if and only if \^ Lp in CK 

Proof. (Soundness) The proof is by contraposition. Assume ^ if in CK, that 
is, there is a selection function model A4 = {S, /, h) and a state s G S", such 
that M,s ^ ip. By Lemma[l\ we have that V{4>[s/ Si], {[ipl S)) — F for a 
variable assignment (j> in Henkin model T-L'^ = ({Dq.}qgT: for M.. Thus, 
by Prop. [21 definition of vld and since (iSi.\}p\ S) =pr) {M \}p\) we know that 
V((/),(VS',.[(pJ S)) = V{(j),{vld \ip\)) ^ F. Hence, |^ [vld \ip\), and thus 

y= {vld [ip\) in HOL. 

(Completeness) The proof is again by contraposition. Assume ^ (vld [(/?]) in 
HOL, that is, there is a Henkin model % = ({-DcjagT-, /) and a variable assign- 
ment4> withV{4>, (vld [ip\)) = F. From (vld lip\) =pjj {\/Si.lip\ S) and Prop. [l\we 
getV{(j), (iSi.\}p\ S)) = F, and hence, by definition of vld, V{4>[s/Si], [ip] S) = F 
for some s £ Di. Without loss of generality we can assume that Henkin Model 
"H is in fact a Henkin model "H^ for a corresponding selection function model 
M. By Lemma[l\ we thus know that A4, s ^ ip, and hence ^ tp in CK. 

Theorem [T] does not trivially follow from previous literature on embedding 
modal logics into HOL because of the complexity of the selection function. In 
fact, standard modalities are usually evaluated over a so-called accessibility re- 
lationship of type R{i,w), where i is an index and w is a world. Conditional 
modalities are instead evaluated over selection functions of type f{w,A) where 
w is a world, A \s a, set of worlds and / is a function which returns a set of 
worlds. 

5 Experiments: Analyzing the Literature 

The presented semantic embedding of conditional logics into HOL is of practical 
relevance. It supports the application of standard HOL-RSs to problems encoded 
within conditional logics and also to problems about conditional logics. Examples 
of the latter kind include correspondence claims between certain axioms and 
related conditions on the semantic structures (e.g., the conditional logic axiom 
ip ^ Lp corresponds to the semantic condition that f{w,[Lp\) C [pi]). 

This section reports on experiments in which such kind of questions have 
been studied with HOL-RSs. The HOL-RSs employed in the case study are: 

LEO-II (version vl.2.6). A higher-order automated theorem prover based on 
extensional r csolution [7 . LEO-lfl cooperates with the first-order theorem 
prover E. 

TPS (version 3.080227Gld). A fully automated version of the higher-order 
theorem proving environment TPy^l [3J. Proof search in TPS is controlled 
by modes (sets of flag settings), and the automated TPS version employed 
here applies strategy scheduling over these modes. 

^ |htt p: //www . leoprover . orgj 

^ |http: //gtps .math . emu ■ edu/tps .litml| 



SatallELx (version 1.4). A higher-order automated theorem prover based on 
a complete ground tableau calculus for HOL with a choice operator [3]. 
Satalla50, which cooperates with SAT solver MiniSat, has additional model 
finding capabilities. 

IsabelleP (version 2009-2). The proof assistant Isabelle/HOl|!| [H] is nor- 
mally used interactively. IsabelleP is an automated version of Isabelle/HOL, 
in which several tactics are subsequently applied. 

Refute and Nitpick (versions 2009-2). Isabelle/HOL's ability to find 
(counter-)models using the refute [^l^ and nifpic^fl commands has been 
integrated into automatic systems. 

The reasoning systems described above are available online via the System- 
OnTPTP tool [H]. They support the new TPTP THF infrastructure for HOL 
[35] and they accept problems formalized in the THF representation language. 

The problems studied in the experiments are: 

Problem 1. Is the presented embedding consistent? In order to study this ques- 
tion, the formalization of the embedding has been passed to the HOL-RSs. 

Problem 2. Are the rules RCEA, RCK, and RCEC implied in the embedding? 
They obviously should, since CK is defined as the minimal conditional logic 
closed under these rules. The problems passed to the HOL-RSs are (types are 
omitted): RCEA: VP,Q,i?.(vld [F o QJ) -J> (vld [{P ^ R) ^ [Q ^ i?)J), 
RCK: VP0,Pl,P2,Q.(vld [(PI A P2) o QJ) (vld [((PO ^ PI) A (PO ^ 
P2)) ^ (PO ^ Q)J), RCEC: VP,Q,P.(vld [P ^ QJ) ^ (vld [(P ^ P) o 



Problem 3. Do the correspondence results between conditional logic axioms and 
semantic conditions as presented in Figure [T] (copied from [18]) indeed hold? 

ID (VA.vld [A^A\)^ (VA, W.{f W A)^A) 

MP (VA, P.vld [{A ^B)^{A^B)\)^ (VA, W.{A W) ((/ W A) W)) 
CS (VA,P.vld [{AaB) {A ^ B)\) ^ {\IA,W.{A W) ^ {f W A) C 
{\X,.X = W)) 

CEM (VA,P.vld [{A ^ B)y [A => -^B)\) o (VA,W^.(/ W A) = % W 

3V.{fW A) = {XX.X = V)) 
. . . The formalizations of AC, RT, CV, and CA are analogous, and the HOL 

encodings of C, 0, n, and U are straightforward. 

In the experiments, each equivalence statement has actually been split in its two 
implication directions. 

Problem 4- A subtle point, concerning correspondence theory for conditional 
logics, is the interpretation of the scopes of the implicit universal quantifiers 



^ |http : //www . ps . iini- Saarland. de/~cebrown/satallax7| 
^ |http : //isabelle . in . turn. de| 

^ |http: //www4 . in. tum7de/~blancliet/nitpick.litml| 
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Fig. 1. Conditional logic axioms and semantic conditions 



in the correspondence statements in Figure [TJ For example, for ID and MP 
we might read (ID') VA.((vld [A =^ A\) ^ W.{{f W A) C A)) and (MP') 
VA,B.(vld [{A ^ B) ^ {A ^ B)\ <^ {VW.{A W) ((/ W A) W))). An 
interesting, non-trivial question (suited also for sharpening the intuition on the 
particular conditional logics axioms) is whether these misread statements are 
still provable. Therefore analogous primed versions have been formalized for all 
correspondence problems as further benchmark examples. 

Problem 5. Do the following logic inclusions hold: (a) CK+{MP,CS} includes 
CK+{CEM}? (b) CK+{CEM,MP} includes CK+{CS}? (c) CK+{RT,AC} in- 
cludes CK+{{A B) ^ {{{A AB) ^ C) ^ (A^ C))}7 The formalizations 
are obvious and we show only the case for (a): 

VA, B.vld [{A ^B)^{A^ B)\ , 
VA, B.vld L(^ AB)^{A^ B)\ 
h VA, B.vld [{A ^ B)V{A^ -nB)\ 

With the results from Problem ([3]) , such questions can alternatively be formalized 
with the respective semantic conditions. 

The detailed results of the experiments are presented in Table [T] Exploiting 
the SystemOnTPTP infrastructure, all experiment runs were done remotely at 
the University of Miami on 2.80GIIz computers with 1GB memory and running 
the Linux operating system. The timeout was set to 180 seconds. 

The first column of the table presents the problem number and the second 
column presents the result status as confirmed by the HOL-RSs: THM stands for 
'theorem', CSA for 'countersatisfiable', and SAT for 'satisfiable'. The remaining 
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3.59 


2.98 




? 














lAC'^ 


CSA 










4.75 


3.82 


ERT"- 


THM 


109.42 


31.73 


0.39 


18.05 






ERT'^ 


CSA 










3.60 


3.00 


Ecv'^ 


THM 


111.06 


31.85 


0.40 


51.14 






Ecv'^ 


THM 




31.78 


0.41 


54.61 






ECA'^ 


CSA 










3.57 


3.09 


EGA'-* 


? 














Ea)_ax. 


CSA 










3.69 


3.01 


Ea)_sem. 


CSA 










3.62 


3.06 


Eb)_ax. 


THM 


0.06 


8.71 










Eb)-sem. 


THM 








63.30 






Ec)_ax. 


THM 




56.52 










Ec)_sem. 


THM 




14.89 


44.69 


42.46 







Table 1. Performance results of HOL-RSs. 



columns report the time after which the particular HOL-RSs reported the dis- 
played status. L stands for LEO-II, T for TPS, S for Satallax, I for IsabelleP, N 
for Nitpick, and R for Refute. 

All correspondence claims have been confirmed by the HOL-RSs. For the 
primed versions the situation is different and several counterexamples have been 
reported by the model finders, in particular, for several forward directions. Two 
of these counterexamples are exemplary presented next. It is straightforward to 
check that they indeed invalidate the respective primed correspondence state- 
ment s0 

Refute reports the following countermodel for MP^: choose Di = {il}, A — 
{il}, B = {il}, W = il, and 

f J-i^/^ 



Nitpick reports for RT'^: choose A = {il,«2}, A = {i2}, B = {il}, C = 0, 
W = i2, and 



il 



i2 





{^1} - 


-^0 
-^0 


im - 


-^{^2} 


[{ii,m - 

'0 


-^0 

-^im 


{^l} - 


-^0 


im - 


-^{il} 


_{jl,i2} - 


-^0 



For both the axiomatic and semantic formalization of Problem [5ja) coun- 
termodels are quickly found. For example, for the axiomatic version [5Ja)_ax. 
Nitpick reports: choose Di — {il,i2}, A = B = {il}, and 



il 



i2 





1 {^1} - 


-^0 
-^{zl} 


1 {^2} - 


-^0 


[{il,i2} - 
'0 


->0 

-^{il,i2} 


{il} - 


-^0 


{^2} - 


-^{^2} 


^{il,i2} - 


-^{^2} 



Inclusion claims [SJb) and[SJc) are confirmed as theorems. 
With the tools provided by the SystemOnTPTP infrastructure it is straight- 
forward to write a small shell script which bundles the mentioned HOL-RSs into 

^ Concerning, problem [3] we might wonder why the suggested denotations for / below 
cannot be used as candidates for generating countermodels to the corresponding 
non-primed correspondence statements — this is clearly not the case: e.g., note that 
the / suggested for invalidating MP'^ (which returns for all arguments W and 
A) is in fact incompatible with (and thus excluded by) MP^s antecedent (to see 
this choose A — {il}, B = 0). Such a kind of further analysis is again effectively 
supported by the HOL-RSs. 



a single online reasoning system, and, in fact, this is how the experiments pre- 
sented in this section have been carried out. As the results demonstrate, this 
combined HOL reasoner is powerful for reasoning about conditional logics; in 
particular the combination of HOL theorem proving and HOL (counter-)model 
finding is intriguing. Hence, there is good evidence that the HOL-RSs could 
fruitfully support the analysis of similar questions in the exploration of further 
conditional logics. Note also, that in most cases there are at least two match- 
ing results by independent systems. Another interesting observation is that TPS 
was the strongest prover in the experiments followed by IsabelleP, Satallax, and 
LEO-H. Since this is exactly the opposite order of the outcome of the 2010 
CASC0 competition, these problems are obviously interesting new benchmarks 
for the TFTP library. 

The approach is applicable also to reasoning within conditional logics For ex- 
ample, formula ((p => 9) O (p — >■ q)) (p ^ p) is obviously countersatisflable, 
and all model finders quickly find respective countermodels. Satallax is fastest 
in 0.28 seconds. The countermodel reported by Nitpick is Di — {il},p — %,q = 
{zl}, and 

- r ' ^ \ {zi} ^ 

Unfortunately, a library of specific benchmark problems for conditional logics 
is currently not available, and therefore the (direct) conditional logics provers 
CondLean, GoalDuck and leanCK have been evaluated in [IB] only with respect 
to classical modal logic problems. In this evaluation the modal logic problems 
were encoded in conditional logics by defining Uip as an abbreviation for T ^ tp. 
Evaluating our approach wrt. these artificially encoded classical modal logic 
problems does hardly make sense though, and the existing direct embedding of 
classical modal logic in HOL [6] should for good reasons be preferred for these 
test examples. First experiments with small hand-translated examples from this 
test suite were nevertheless successful. 

Evidence against the preconception that our higher-order based approach 
to reasoning in conditional logics cannot be effective in practice comes from 
a recent case study on automated reasoning in first-order modal logics |23| . 
In this case study an higher-order based approach which is closely related to 
the one presented here (and which was realized with the provers Satallax and 
LEO-II), performed reasonably well behind the specialist provers MLeanTA^ 
and MLeanSeF0. In particular, the higher-order provers did better (in terms 
of proving problcrns) than the direct prover GQMlJ^ and a first-order solution 
based on MSFAsS 

As a final remark on this section we underline that solutions to problems 
in Section 5 are already known in theory of conditional logics. This does not 
straightforwardly imply that HOL-Reasoners (HOL-RSs) can solve them. In gen- 



"'^ http://yww.tptp.org/CASC/J5/ 

http: //www. leancop. de/mleantap/programs/mleantapll .pi 
http : / /www . leancop . de/mleansep/programs/mleansepll . pi 
)http://cialdea.dia.uniroma3. it/GQML/ 
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eral, HOL is undecidable, the aim of what presented above is to show that the 
theoretical embedding of CLs into HOL has also practical benefits due that it 
is possible to use HOL-RSs to reason about and within CLs. This is possible by 
making HOL-RSs cooperate working on the same task. Concerning model gen- 
eration, we show that countermodels can be constructed for ill- formulated/ill- 
conjectured correspondence claims. 

6 Conclusion 

A sound and complete embedding of conditional logics into classical higher-order 
logic has been presented. Similar to other non-classical logics (H], conditional 
logics can be seen as natural fragments of classical higher-order logic, and they 
can be studied and automated as such. Up to authors knowledge, the presented 
work is the first integrated approach to automated deduction for all extensions of 
CK that involve any combination of the axioms reported in Figure [TJ Previously 
existing proof methods |18I19| are limited to extensions of CK including only ID, 
MP, CS and CEM. Theorem proving for conditional logics appears to be much 
more difficult than for modal logic. There are very few modal provers for CLs, 
namely there are sequent calculi for CK-|-{ID,MP/CEM,CS} ^181 and tableaux 
for CK-F{CEM,MP} [19]. Model builders exist only for CK-h{CEM,MP} [19]. No 
theorem provers are known for CK-|-{CS,AC,RT,CV,CA} and no model builders 
are known for CK-h{ID,CS,AC,RT,CV,CA}. The presented methodology offers 
theorem provers and model finders for above mentioned logics. Moreover, the 
HOL embedding permits use to reason about meta-theorems in an automated 
way, and naturally extends to First- Order CLs. 

Future work includes the systematic analysis of further properties of condi- 
tional logics. For example, following [S] and motivated by the results for Problem 
[5] the systematic verification (respectively exploration) of inclusion and equiv- 
alence relations between different conditional logics should be feasible. We also 
plan to create a library of meaningful and challenging benchmark problems for 
conditional logics and to evaluate the scalability of our approach. Moreover, a 
comparison with direct theorem provers for conditional logics and also with re- 
lated techniques based on translations into first-order logic is needed. However, 
it is not obvious how these approaches could possibly be applied for reasoning 
about properties of conditional logics as studied in this paper. 

Another line of future research is to extend second-order quantifier elimina- 
tions techniques like SCAN or SCHEMA to deal with CLs. In fact, both algo- 
rithms are not directly suited for reasoning under CLs due to the peculiarities 
of selection-function semantics. 
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